: The infected system establishes an encrypted connection to a remote server to receive instructions and upload stolen data. Indicators of Compromise (IoCs)
: Add "HogFarming.7z" and similar suspicious archive names to email and web filter blocklists.
: Heavy reliance on .7z or .rar formats to hide malicious .exe and .dll pairings from basic email scanners. Mitigation Recommendations
: Launching the primary file triggers the sideloading of a malicious component (often disguised as a library like MpsSvc.dll or similar).
: It is frequently utilized in campaigns that leverage DLL Side-Loading techniques. In these scenarios, a legitimate, digitally signed executable is bundled with a malicious DLL that the executable is forced to load.
: Deploy EDR (Endpoint Detection and Response) solutions to monitor for unusual DLL loading behavior from legitimate system binaries.
: Analysis suggests the archive often carries variants of the PlugX or ToneIns malware. PlugX is a modular Remote Access Trojan (RAT) used for data exfiltration, keystroke logging, and remote command execution.
Hogfarming.7z Direct
: The infected system establishes an encrypted connection to a remote server to receive instructions and upload stolen data. Indicators of Compromise (IoCs)
: Add "HogFarming.7z" and similar suspicious archive names to email and web filter blocklists. HogFarming.7z
: Heavy reliance on .7z or .rar formats to hide malicious .exe and .dll pairings from basic email scanners. Mitigation Recommendations : The infected system establishes an encrypted connection
: Launching the primary file triggers the sideloading of a malicious component (often disguised as a library like MpsSvc.dll or similar). : Deploy EDR (Endpoint Detection and Response) solutions
: It is frequently utilized in campaigns that leverage DLL Side-Loading techniques. In these scenarios, a legitimate, digitally signed executable is bundled with a malicious DLL that the executable is forced to load.
: Deploy EDR (Endpoint Detection and Response) solutions to monitor for unusual DLL loading behavior from legitimate system binaries.
: Analysis suggests the archive often carries variants of the PlugX or ToneIns malware. PlugX is a modular Remote Access Trojan (RAT) used for data exfiltration, keystroke logging, and remote command execution.